luci-proto-openconnect: fix server url validation

The OpenConnect configuration form incorrectly assumed that the server setting must be hostname while it actually may be a full URL. Fixes: #6184 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-02-07 11:52:17 +01:00 · 2023-02-07 11:52:17 +01:00 · f1312cadc6
commit f1312cadc6
parent 1597d8e555
2 changed files with 42 additions and 4 deletions
--- a/modules/luci-base/htdocs/luci-static/resources/ui.js
+++ b/modules/luci-base/htdocs/luci-static/resources/ui.js
@ -820,7 +820,7 @@ var UISelect = UIElement.extend(/** @lends LuCI.ui.Select.prototype */ {
 						'type': this.options.multiple ? 'checkbox' : 'radio',
 						'class': this.options.multiple ? 'cbi-input-checkbox' : 'cbi-input-radio',
 						'value': keys[i],
-						'checked': (this.values.indexOf(keys[i]) > -1) ? '' : null,
+						'checked': ((!i && !this.values.length) || this.values.indexOf(keys[i]) > -1) ? '' : null,
 						'disabled': this.options.disabled ? '' : null
 					}),
 					E('label', { 'for': this.options.id ? 'widget.%s.%d'.format(this.options.id, i) : null }),
@ -832,6 +832,9 @@ var UISelect = UIElement.extend(/** @lends LuCI.ui.Select.prototype */ {
 				]));

 				frameEl.appendChild(brEl.cloneNode());
+
+				if (!frameEl.querySelector('> span > input[checked]')
+					frameEl.querySelector('> span > input').checked = true;
 			}
 		}

--- a/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js
+++ b/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js
@ -2,6 +2,7 @@
 'require rpc';
 'require form';
 'require network';
+'require validation';

 var callGetCertificateFiles = rpc.declare({
 	object: 'luci.openconnect',
@ -100,7 +101,41 @@ return network.registerProtocol('openconnect', {
 		o.value('pulse', 'Pulse Connect Secure SSL VPN');

 		o = s.taboption('general', form.Value, 'server', _('VPN Server'));
-		o.datatype = 'host(0)';
+		o.validate = function(section_id, value) {
+			var m = String(value).match(/^(?:(\w+):\/\/|)(?:\[([0-9a-f:.]{2,45})\]|([^\/:]+))(?::([0-9]{1,5}))?(?:\/.*)?$/i);
+
+			if (!m)
+				return _('Invalid server URL');
+
+			if (m[1] != null) {
+				if (!m[1].match(/^(?:http|https|socks|socks4|socks5)$/i))
+					return _('Unsupported protocol');
+			}
+
+			if (m[2] != null) {
+				if (!validation.parseIPv6(m[2]))
+					return _('Invalid IPv6 address');
+			}
+
+			if (m[3] != null) {
+				if (!validation.parseIPv4(m[3])) {
+					if (!(m[3].length <= 253 &&
+					      (m[3].match(/^[a-zA-Z0-9_]+$/) != null ||
+					       (m[3].match(/^[a-zA-Z0-9_][a-zA-Z0-9_\-.]*[a-zA-Z0-9]$/) &&
+					        m[3].match(/[^0-9.]/)))))
+						return _('Invalid hostname or IPv4 address');
+				}
+			}
+
+			if (m[4] != null) {
+				var p = +m[4];
+
+				if (p < 0 || p > 65535)
+					return _('Invalid port');
+			}
+
+			return true;
+		};

 		o = s.taboption('general', form.Value, 'port', _('VPN Server port'));
 		o.placeholder = '443';
@ -116,7 +151,7 @@ return network.registerProtocol('openconnect', {

 		o = s.taboption('general', form.Value, 'password2', _('Password2'));
 		o.password = true;
-	
+
 		o = s.taboption('general', form.Value, 'proxy', _('Proxy Server'));
 		o.optional = true;

@ -160,7 +195,7 @@ return network.registerProtocol('openconnect', {
 		o.optional = true;
 		o.placeholder = 1406;
 		o.datatype = 'range(68, 9200)';
-		
+
 		o = s.taboption('advanced', form.Value, 'reconnect_timeout', _('Reconnect Timeout'));
 		o.optional = true;
 		o.placeholder = 300;